• Nat behind nat

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    J

    UPDATE

    When I add a static route to my machine (172.20.0.179) to the 172.18.x.x network, everything is working fine.

    So I think it has something to do with our Nokia checkpoint.

    Something like asynchronous routing?

    Because traffic flows from the 172.18.x.x directly into the 172.20.x.x network and from the 172.20.x.x network it goes first through a Nokia checkpoint and then back to the pfSense firewall?

    See my brilliant paint for more explanation  ;D

    ![routing issue.JPG](/public/imported_attachments/1/routing issue.JPG)

  • [SOLVED]:VPN traffic problem due to private (LAN) IP

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • MOVED: FTP Setup for 2.0-BETA4

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Nat works on one port, and not on another port, completely baffled :-/

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    F

    I've tried without aliases as well, the cameras CAN use RTP, but in this case, it's RTPoverHTTP as they call it.
    I've tried using an SSH tunnel (I have a NAT that actually works, SSH to my NAS), and forwarded just port 80 through that, and that works for all the cameras.

  • Redirect web traffic to a proxy server

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    Cry Havok

    Yes - you should find a few threads about this since it's been covered before.

    Effectively you're setting up a remote transparent proxy.  Just ensure that you exclude the proxy itself from this, otherwise traffic will go around in circles ;)

  • MOVED: NAT a OpenVPN

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • NAT exemption

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    N

    I had already tried it, but changed it again.

    Then, from an internal machine, I try to access DMZ (which is also WAN for pfsense) but it still translates.

    One thing I noted: if I run "pfctl -s all" I cannot see this rule. It appears it doesn't get applied.

    Since I am away, I will not try a reboot now  :P, but do you think this may be it?

    Is there a command line version of this so that I can try "manually"?

    Thank you again

  • Half my rules working, half not

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    R

    @jimp:

    Upstream equipment probably had the MAC addresses of the old box in its ARP cache.

    Interesting, let me check on that.  I need to replace that firewall and am not having a great experience with it.

  • Additional WAN IP rules problem

    Locked
    1
    0 Votes
    1 Posts
    4k Views
    No one has replied
  • Primary NAT/DHCP'd IP

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    S

    This seems to have worked!

    Thanks for the heads up, it is very appreciated!

  • EMule for all

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    I

    Hi GruensFroeschli,
    thanks for your reply. I will try to use UPnP; otherwise I must change the port for any client.

    inferenza

  • Newbie questions on Remote Desktop and Hostname

    Locked
    11
    0 Votes
    11 Posts
    6k Views
    S

    The problem seems to be with the VoIP provider. Got it working after I made a call to their tech support.

    Thanks Cry Havok and kpa for your help.
    To answer your questions I have "any" set for the external address.
    Also yes the 8x8 box has IP 192.168.1.201, with a netmask of 255.255.255.0.

    Thanks a lot,
    Sai

  • MOVED: NAT to VPN IPSec

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Centralize the admin authentications

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimp

    In 2.0 you can use RADIUS or LDAP as an authentication source for the GUI.

  • Replace an existing firewall (transparent)

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    G

    Problem solved…
    It was a rule problem, in that when I switched from WAN network to any (source network) all is gone in the right way.

  • How to remove NAT rule from console

    Locked
    8
    0 Votes
    8 Posts
    10k Views
    jimp

    edit the config, rm /tmp/config.cache, then run /etc/rc.filter_configure

  • Simple NAT 1:1

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Torrents UpNp vs Port Forward

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    B

    Firstly, if you put the torrent box on a DMZ NIC, then you don't have to worry about any issues with the Linksys wireless router.

    Secondly, I like to keep my wireless traffic separate from my wired.  That way I can handle it differently if I want, and if someone manages to crack my encryption, they can't get to my wired machines.

    Thirdly, if the torrent box is on its own NIC, then you know exactly what it's doing, and don't have any extraneous traffic to deal with.

  • FTP Server behind pfSense - purpose of CARP IP?

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    J

    On my setup, simply port forwarding is all I needed to do. I did it with a P-ARP VIP since my primary IP is done by DHCP.

    Since the ports are forwarded, and it seems to me you don't have extra IPs (or aren't trying to use anything but the primary IP), you don't need any CARPs.

  • Ports SMTP, IMAP, POP3

    Locked
    6
    0 Votes
    6 Posts
    9k Views
    B

    It was my mail server… pfSense is the ballz

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.